You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ponymail.apache.org by se...@apache.org on 2016/12/09 15:01:07 UTC

incubator-ponymail git commit: private messages are now included in downloads if the user has access

Repository: incubator-ponymail
Updated Branches:
  refs/heads/master 28214f682 -> e2138b9d2


private messages are now included in downloads if the user has access

This fixes #108
This fixes #169


Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/e2138b9d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/e2138b9d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/e2138b9d

Branch: refs/heads/master
Commit: e2138b9d2a1c2a7cca761653cc0503539d0f6f10
Parents: 28214f6
Author: Sebb <se...@apache.org>
Authored: Fri Dec 9 14:59:34 2016 +0000
Committer: Sebb <se...@apache.org>
Committed: Fri Dec 9 15:00:15 2016 +0000

----------------------------------------------------------------------
 CHANGELOG.md           |  2 +-
 site/api/lib/utils.lua | 41 +++++++++++++++++++++++++++++++++++++++++
 site/api/mbox.lua      | 20 ++++++++++++++++++--
 3 files changed, 60 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0b763f..1dd722d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
 ## CHANGES in 0.10:
-
+- private messages are now included in downloads if the user has access to them (#169, #108)
 
 ## CHANGES in 0.9b:
 

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/site/api/lib/utils.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/utils.lua b/site/api/lib/utils.lua
index 693bff8..4db196e 100644
--- a/site/api/lib/utils.lua
+++ b/site/api/lib/utils.lua
@@ -48,3 +48,44 @@ function findParent(r, doc, elastic)
 end
 
 
+--[[ 
+  parse a listid
+  returns the full lid, listname and the domain from "<listname.domain>"
+   where listname cannot contain any "." chars
+]]--
+function parseLid(lid)
+    return lid:match("^<(([^.]+)%.(.-))>$")
+end
+
+
+-- does the user have the rights to access the mailing list?
+-- N.B. will fail if rights or list_raw are invalid
+function canAccessList(rights, lid)
+    -- we don't need the name
+    local flid, _ , domain = parseLid(lid)
+    for _, v in pairs(rights) do
+        if v == "*" or v == flid or v == domain then
+            return true
+        end
+    end
+    return false
+end
+
+-- does the user have the rights to access the document?
+-- N.B. will fail if doc is invalid; may fail if rights is invalid
+function canAccessDoc(rights, doc)
+    if doc.private then
+        return canAccessList(rights, doc.list_raw)
+    else
+        return true
+    end
+end
+
+--[[
+    TODO the canAccess functions perhaps belong in aaa.lua.
+    This would allow sites to have their own ways of matching lists to rights and individual docs
+    This should be dealt with if/when aaa.lua is split up into generic and local parts.
+
+    Also the functions do not check their parameters.
+    This is because they may be called frequently.
+]]--

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/site/api/mbox.lua
----------------------------------------------------------------------
diff --git a/site/api/mbox.lua b/site/api/mbox.lua
index 331a8c2..a737d90 100644
--- a/site/api/mbox.lua
+++ b/site/api/mbox.lua
@@ -19,6 +19,9 @@
 
 local elastic = require 'lib/elastic'
 local cross = require 'lib/cross'
+local user = require 'lib/user'
+local aaa = require 'lib/aaa'
+require 'lib/utils'
 
 local days = {
     31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31, 30, 31 
@@ -93,11 +96,24 @@ function handle(r)
             },
             size = 10000
         }
-        
+
+        local account = user.get(r)
+        local rights = nil
+        local listAccessible = nil -- not yet initialised
         -- for each email, get the actual source of it to plop into the mbox file
         for k, v in pairs(docs.hits.hits) do
             v = v._source
-            if not v.private then
+            -- aaa.rights() can be expensive, so only do it once per download
+            if v.private and listAccessible == nil then
+                -- we are dealing with a single list here so only need to check once
+                if account then
+                    local rights = aaa.rights(r, account)
+                    listAccessible = canAccessList(rights, lid)
+                else
+                    listAccessible = false
+                end
+            end
+            if listAccessible or not v.private then
                 local doc = elastic.get('mbox_source', v.mid)
                 if doc and doc.source then
                     r:puts("From \n")